Generic.KillMBR.A.15275B9D information

Malware Removal

Generic.KillMBR.A.15275B9D is flagged as malicious by the large majority of antivirus engines (see the detection names below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Generic.KillMBR.A.15275B9D do?

  • Performs HTTP requests potentially not found in PCAP.
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

Two of these items belong together: the version resource below claims the file is 360手机助手 (360 Mobile Assistant) from 360.cn, yet the Authenticode signature does not verify. Version info is plain data that the author or packer writes, so the 360 branding is not evidence of origin. The UPX packing is corroborated by the entry-point bytes in the File Info block (60 BE ... 8D BE ... 57, the pushad / mov esi / lea edi / push edi prologue of the UPX x86 stub).

How to identify Generic.KillMBR.A.15275B9D?

File Info:

name: 1FAA164817CEBFE79F81.mlw
path: /opt/CAPEv2/storage/binaries/d6137def46a6cf40d323484b7c911f7d372c56fbedd26edfcada29fb82ad5e11
crc32: 94AA825B
md5: 1faa164817cebfe79f81a25e12a75296
sha1: c2321c6268c3ae8a9e99ae6c8ccf6984e4dda866
sha256: d6137def46a6cf40d323484b7c911f7d372c56fbedd26edfcada29fb82ad5e11
sha512: 65df31532c5d47489eff3886d00dc00b363adae42f9dbf99a372b0d6859d9e3a3ae55e2dfe74e8a5aa829625986b60dca5538c36f1a4004e58eb436ad1ccd9e9
ssdeep: 3072:lP3/6y6/LNhOv1qUrcLXJAqYr9m2NbK7mV:lqnhgHd9m2N27m
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CAC312BD30C55017D6017A34C626D72E83146F08D0B9F26B822E3DEFBAA57A0878D963
sha3_384: 4b7cc661326a56d4866175455e1c4c564f392ac897c4abb46aae0289866e6c0113f725d58c533e074b3908ad29171bab
ep_bytes: 60be00c042008dbe0050fdff57eb0b90
timestamp: 2014-04-03 07:27:12
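The File Info block is what lets you confirm that a file on disk is the same sample this report describes. The script below is an added example, not part of the CAPE report or of GridinSoft's tooling: it computes the listed digests (ssdeep and tlsh are left out because they need third-party libraries), reads TimeDateStamp, the section names and the first 16 entry-point bytes straight from the PE headers, and flags the UPX x86 entry stub (pushad; mov esi; lea edi; push edi, the 60 BE .. 8D BE .. 57 prefix visible in the ep_bytes above). Since the real sample is not included, when run without a path argument it builds a minimal synthetic PE32 inline as constructed input; the function names and the synthetic layout are this example's own.

```python
import hashlib
import re
import struct
import zlib
from datetime import datetime, timezone


def file_hashes(data: bytes) -> dict:
    """The digests listed under File Info (ssdeep/tlsh need extra libraries)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_info(data: bytes) -> dict:
    """Read TimeDateStamp, section names and the first 16 entry-point bytes
    directly from the PE headers (no pefile dependency)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sections, ep_off = [], None
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append(name.rstrip(b"\0").decode("latin-1"))
        if ep_off is None and va <= ep_rva < va + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - va)                 # RVA -> file offset
    if ep_off is None:
        raise ValueError("entry point lies outside every section")
    return {
        "type": "PE32" if magic == 0x10B else "PE32+" if magic == 0x20B else f"magic {magic:#x}",
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


# UPX x86 stub prologue: pushad / mov esi,<packed> / lea edi,[esi-delta] / push edi
UPX_STUB = re.compile(r"^60be[0-9a-f]{8}8dbe[0-9a-f]{8}57")


def looks_upx_packed(info: dict) -> bool:
    return bool(UPX_STUB.match(info["ep_bytes"])) or any(
        s.startswith("UPX") for s in info["sections"])


def build_sample_pe(ep_bytes: bytes, timestamp: int, section: bytes = b"UPX1") -> bytes:
    """Constructed sample input: a minimal PE32 with one section starting with ep_bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)          # Section/FileAlignment
    sec = struct.pack("<8sIIIIIIHHI", section, 0x1000, 0x1000, 0x200, 0x200,
                      0, 0, 0, 0, 0xE0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()               # a real sample on disk
    else:                                                   # constructed fallback
        data = build_sample_pe(bytes.fromhex("60be00c042008dbe0050fdff57eb0b90"), 1396510032)
    info = pe_info(data)
    for k, v in {**file_hashes(data), **info}.items():
        print(f"{k}: {v}")
    print("upx_stub:", looks_upx_packed(info))
```

Run it against the file you were handed (python check_sample.py <file>, with check_sample.py being whatever name you save it under) and compare sha256, timestamp and ep_bytes with the values above. The compile timestamp is whatever the linker or packer wrote and is trivially forged, so treat 2014-04-03 as a hint about build date, not as evidence.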

Version Info:

Comments:
CompanyName: 360.cn
FileDescription: 360手机助手 (360 Mobile Assistant)
FileVersion: 2, 4, 0, 1077
InternalName: 360MobileMgr.exe
LegalCopyright: (C) 360.cn Inc. All Rights Reserved.
LegalTrademarks:
OriginalFilename: 360MobileMgr.exe
PrivateBuild:
ProductName: 360手机助手 (360 Mobile Assistant)
ProductVersion: 2, 4, 0, 1077
SpecialBuild:
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese (Simplified, PRC); code page 0x04b0 = Unicode)

Generic.KillMBR.A.15275B9D is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Farfli.m!c
MicroWorld-eScan: Generic.KillMBR.A.15275B9D
ClamAV: Win.Trojan.Farfli-9823560-0
FireEye: Generic.mg.1faa164817cebfe7
Skyhigh: GenericRXEN-ZP!AC23D058A311
McAfee: GenericRXAA-AA!1FAA164817CE
Cylance: unsafe
Zillya: Trojan.Staser.Win32.249
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3e41 )
Alibaba: Backdoor:Win32/Farfli.2280ee3e
K7GW: Trojan ( 0055e3e41 )
Cybereason: malicious.268c3a
Baidu: Win32.Trojan.Farfli.aw
Symantec: Backdoor.Trojan
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Farfli.AGB
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Backdoor.Win32.Farfli.zdu
BitDefender: Generic.KillMBR.A.15275B9D
NANO-Antivirus: Trojan.Win32.Staser.cwtinl
Avast: Win32:Dropper-MLT [Drp]
Tencent: Trojan.Win32.Staser.wtr
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1341865
DrWeb: Trojan.DownLoader9.54835
VIPRE: Generic.KillMBR.A.15275B9D
TrendMicro: BKDR_FARFLI.SMQ
Trapmine: malicious.high.ml.score
Emsisoft: Generic.KillMBR.A.15275B9D (B)
Ikarus: Backdoor.Win32.Farfli
GData: Win32.Trojan-Spy.IronTiger.A
Jiangmin: Backdoor.Zegost.ju
Google: Detected
Avira: HEUR/AGEN.1341865
Antiy-AVL: Trojan/Win32.Staser
Xcitium: TrojWare.Win32.Jorik.WMG@50lwli
Arcabit: Generic.KillMBR.A.15275B9D
ZoneAlarm: Backdoor.Win32.Farfli.zdu
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Backdoor/Win32.Zegost.R103850
BitDefenderTheta: Gen:NN.ZexaF.36738.hmKfa43aYlfb
ALYac: Generic.KillMBR.A.15275B9D
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Keyloggerger
Malwarebytes: Malware.Heuristic.1003
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: BKDR_FARFLI.SMQ
Rising: Backdoor.Farfli!8.B4 (TFE:5:NmkOnjJje0T)
Yandex: Trojan.Staser!EHZM0KX6g8Q
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7022584.susgen
Fortinet: W32/Farfli.ACJ!tr
AVG: Win32:Dropper-MLT [Drp]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (W)
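Vendor names disagree, and the name in this page's title is BitDefender's generic signature name rather than the family that most engines agree on (Farfli, with Staser and Zegost as minority names). The following is an added example, not part of the page or of any vendor's tooling: a deliberately rough consensus routine in the spirit of AVClass-style label normalisation. It drops platform, type and confidence tokens and anything that looks like an id or variant string, then takes the first remaining word of each label as the family and counts votes. Its input is a subset of the labels listed above, embedded inline; the GENERIC stop-list and the token heuristics are this example's own assumptions and will need tuning for other feeds.

```python
import re
from collections import Counter

# Subset of the vendor labels listed above, embedded as sample input.
LABELS = [
    ("Lionic", "Trojan.Win32.Farfli.m!c"),
    ("ClamAV", "Win.Trojan.Farfli-9823560-0"),
    ("McAfee", "GenericRXAA-AA!1FAA164817CE"),
    ("Zillya", "Trojan.Staser.Win32.249"),
    ("Alibaba", "Backdoor:Win32/Farfli.2280ee3e"),
    ("Symantec", "Backdoor.Trojan"),
    ("ESET-NOD32", "a variant of Win32/Farfli.AGB"),
    ("Kaspersky", "Backdoor.Win32.Farfli.zdu"),
    ("BitDefender", "Generic.KillMBR.A.15275B9D"),
    ("NANO-Antivirus", "Trojan.Win32.Staser.cwtinl"),
    ("TrendMicro", "BKDR_FARFLI.SMQ"),
    ("GData", "Win32.Trojan-Spy.IronTiger.A"),
    ("Jiangmin", "Backdoor.Zegost.ju"),
    ("Microsoft", "Trojan:Win32/Wacatac.B!ml"),
    ("AhnLab-V3", "Backdoor/Win32.Zegost.R103850"),
    ("Fortinet", "W32/Farfli.ACJ!tr"),
    ("Yandex", "Trojan.Staser!EHZM0KX6g8Q"),
]

# Platform, type and confidence words carrying no family information
# (an assumption of this example; extend it for your own feeds).
GENERIC = {
    "trojan", "backdoor", "bkdr", "win32", "win64", "variant", "heur",
    "agen", "susgen", "malware", "malicious", "suspicious", "unsafe",
    "downloader", "dropper", "trojware", "bscope", "genetic", "detected",
}


def family_of(label: str):
    """First token that is neither generic nor an id/variant string, or None."""
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or tok in GENERIC or tok.startswith("generic"):
            continue
        if any(c.isdigit() for c in tok):    # hashes, variant numbers, ML ids
            continue
        return tok
    return None


def family_consensus(labels):
    """Votes per family, most agreed-on first; labels without a family
    token (e.g. Symantec's Backdoor.Trojan) abstain."""
    votes = Counter()
    for _vendor, label in labels:
        fam = family_of(label)
        if fam:
            votes[fam] += 1
    return votes.most_common()


if __name__ == "__main__":
    for fam, n in family_consensus(LABELS):
        print(f"{fam:<10} {n}")
```

On the embedded subset the vote is farfli 7, staser 3, zegost 2, with killmbr, irontiger and wacatac at one each; that is the name that should go into the ticket, with the generic Generic.KillMBR.A string kept only as an alias.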

How to remove Generic.KillMBR.A.15275B9D?

Generic.KillMBR.A.15275B9D removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine“ all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
